Use setresuid/setresgid to revoke suid/sgid bit

Use setresuid/setresgid to revoke suid/sgid bit instead of seteuid/setegid
in cgexec.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Signed-off-by: Dhaval Giani <dhaval.giani@gmail.com>

diff --git a/src/tools/cgexec.c b/src/tools/cgexec.c
index 7552fd98578c3030523bca7755bfd3f2319bde99..8e0b4d8cdbe44c23c32577e518f7726e56a3ef2d 100644 (file)
--- a/src/tools/cgexec.c
+++ b/src/tools/cgexec.c
@@ -13,6 +13,10 @@
  *
  */
 
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 #include <errno.h>
 #include <grp.h>
 #include <libcgroup.h>
@@ -113,11 +117,11 @@ int main(int argc, char *argv[])
         * socket, and an euid/egid should be changed to the executing user
         * from a root user.
         */
-       if (seteuid(uid)) {
+       if (setresuid(uid, uid, uid)) {
                fprintf(stderr, "%s", strerror(errno));
                return -1;
        }
-       if (setegid(gid)) {
+       if (setresgid(gid, gid, gid)) {
                fprintf(stderr, "%s", strerror(errno));
                return -1;
        }